Techniques for load balancing subscriber-aware application proxies
    1.
    发明授权
    Techniques for load balancing subscriber-aware application proxies 有权
    用于负载平衡用户感知应用代理的技术

    公开(公告)号:US07738452B1

    公开(公告)日:2010-06-15

    申请号:US11158751

    申请日:2005-06-22

    IPC分类号: H04L12/28 H04L12/56

    摘要: Techniques for distributing network traffic from an access server to a service gateway include receiving, at a load balancer, sticky table data that indicates an association between a particular subscriber IP address and a particular subscriber-aware service gateway in a gateway cluster. An input data packet is received with an input source address and an input transport-layer destination. If it is determined that the input transport-layer destination indicates a type of payload that uses a service gateway, then the particular service gateway associated with the particular subscriber is determined based on the sticky table and IP address in the input source address. An output data packet is directed to the particular service gateway using a link-layer or networking-layer destination address. These techniques allow a load balancer to be located anywhere on the network and to bypass a subscriber-aware service gateway for some data traffic.

    摘要翻译: 用于将网络流量从接入服务器分配到服务网关的技术包括在负载平衡器处接收指示特定用户IP地址和网关集群中的特定用户感知服务网关之间的关联的粘性表数据。 用输入源地址和输入传输层目的地接收输入数据分组。 如果确定输入传输层目的地指示使用服务网关的有效载荷的类型,则基于输入源地址中的粘性表和IP地址确定与特定用户相关联的特定服务网关。 使用链路层或网络层目的地址将输出数据分组引导到特定服务网关。 这些技术允许负载平衡器位于网络上的任何地方,并绕过用户感知的服务网关以获取某些数据流量。

    Techniques for load balancing over a cluster of subscriber-aware application servers
    2.
    发明授权
    Techniques for load balancing over a cluster of subscriber-aware application servers 有权
    在用户感知应用服务器的群集上进行负载平衡的技术

    公开(公告)号:US07694011B2

    公开(公告)日:2010-04-06

    申请号:US11333573

    申请日:2006-01-17

    IPC分类号: G06F15/173

    摘要: Techniques for distributing control plane traffic, from an end node in a packet switched network to a cluster of service gateway nodes that host subscriber-aware application servers, include receiving a control plane message for supporting data plane traffic from a particular subscriber. A particular service gateway node is determined among the cluster of service gateway nodes based on policy-based routing (PBR) for the data plane traffic from the particular subscriber. A message based on the control plane message is sent to a control plane process on the particular service gateway node. Thereby, data plane traffic and control plane traffic from the same subscriber are directed to the same gateway node, or otherwise related gateway nodes, of the cluster of service gateway nodes. This approach allows currently-available, hardware-accelerated PBR to be used with clusters of subscriber-aware service gateways that must also monitor control plane traffic from the same subscriber.

    摘要翻译: 用于将控制平面流量从分组交换网络中的终端节点分发到托管用户感知应用服务器的服务网关节点群集的技术包括从特定用户接收用于支持数据平面业务的控制平面消息。 基于用于来自特定用户的数据平面业务的基于策略的路由(PBR),在服务网关节点群集之间确定特定服务网关节点。 基于控制平面消息的消息被发送到特定服务网关节点上的控制平面进程。 因此,来自同一用户的数据平面业务和控制平面业务被定向到服务网关节点集群的相同网关节点或其他相关网关节点。 这种方法允许当前可用的硬件加速的PBR与用户感知服务网关的群集一起使用,其也必须监视来自同一用户的控制平面业务。

    Parsing out of order data packets at a content gateway of a network
    3.
    发明授权
    Parsing out of order data packets at a content gateway of a network 有权
    在网络的内容网关处解析出不合适的数据包

    公开(公告)号:US07864771B2

    公开(公告)日:2011-01-04

    申请号:US11738358

    申请日:2007-04-20

    IPC分类号: H04L12/28 H04L12/56

    摘要: In one embodiment, a method includes receiving, at a local node of a network, a sequenced data packet of a flow made up of multiple sequenced data packets from a source node directed toward a destination node. The flow is to be parsed by the local node to describe the flow for administration of the network. Based on sequence data in the sequenced data packet, it is determined whether the sequenced data packet is out of order in the flow. If it is determined that the sequenced data packet is out of order, then the sequenced data packet is forwarded toward the destination node before parsing the sequenced data packet. The out of order sequenced data packet is also stored for subsequent parsing at the local node.

    摘要翻译: 在一个实施例中,一种方法包括在网络的本地节点处接收由来自指向目的地节点的源节点的多个排序数据分组组成的流的排序数据分组。 该流程将由本地节点进行解析,以描述网络管理流程。 基于顺序数据包中的序列数据,确定顺序数据包是否在流程中是无序的。 如果确定排序的数据分组是无序的,则在分析排序的数据分组之前,将排序的数据分组转发到目的地节点。 无序排序数据包也存储在本地节点的后续解析中。

    Techniques for network protection based on subscriber-aware application proxies
    4.
    发明授权
    Techniques for network protection based on subscriber-aware application proxies 有权
    基于用户感知应用代理的网络保护技术

    公开(公告)号:US08844035B2

    公开(公告)日:2014-09-23

    申请号:US13369498

    申请日:2012-02-09

    IPC分类号: H04L29/06

    摘要: Techniques for responding to intrusions on a packet switched network include receiving user data at a subscriber-aware gateway server between a network access server and a content server. The user data includes subscriber identifier data that indicates a unique identifier for a particular user, network address data that indicates a network address for a host used by the particular user, NAS data that indicates an identifier for the network access server, flow list data that indicates one or more open data packet flows, and suspicious activity data. The suspicious activity data indicates a value for a property of the open data packet flows that indicates suspicious activity. It is determined whether an intrusion condition is satisfied based on the suspicious activity data. If the intrusion condition is satisfied, then the gateway responds based at least in part on user data other than the network address data.

    摘要翻译: 用于响应分组交换网络上的入侵的技术包括在网络接入服务器和内容服务器之间的用户感知网关服务器处接收用户数据。 用户数据包括指示特定用户的唯一标识符的用户标识符数据,指示特定用户使用的主机的网络地址的网络地址数据,指示网络接入服务器的标识符的NAS数据, 指示一个或多个打开的数据分组流和可疑活动数据。 可疑活动数据表示指示可疑活动的开放数据分组流的属性的值。 基于可疑活动数据确定是否满足入侵条件。 如果入侵条件满足,则网关至少部分地基于除了网络地址数据之外的用户数据进行响应。

    Parsing Out of Order Data Packets at a Content Gateway of a Network
    5.
    发明申请
    Parsing Out of Order Data Packets at a Content Gateway of a Network 有权
    在网络的内容网关上解析不合规格的数据包

    公开(公告)号:US20080259926A1

    公开(公告)日:2008-10-23

    申请号:US11738358

    申请日:2007-04-20

    IPC分类号: H04L12/56

    摘要: In one embodiment, a method includes receiving, at a local node of a network, a sequenced data packet of a flow made up of multiple sequenced data packets from a source node directed toward a destination node. The flow is to be parsed by the local node to describe the flow for administration of the network. Based on sequence data in the sequenced data packet, it is determined whether the sequenced data packet is out of order in the flow. If it is determined that the sequenced data packet is out of order, then the sequenced data packet is forwarded toward the destination node before parsing the sequenced data packet. The out of order sequenced data packet is also stored for subsequent parsing at the local node.

    摘要翻译: 在一个实施例中,一种方法包括在网络的本地节点处接收由来自指向目的地节点的源节点的多个排序数据分组组成的流的排序数据分组。 该流程将由本地节点进行解析,以描述网络管理流程。 基于顺序数据包中的序列数据,确定顺序数据包是否在流程中是无序的。 如果确定排序的数据分组是无序的,则在分析排序的数据分组之前,将排序的数据分组转发到目的地节点。 无序排序数据包也存储在本地节点的后续解析中。

    Techniques for network protection based on subscriber-aware application proxies
    6.
    发明授权
    Techniques for network protection based on subscriber-aware application proxies 有权
    基于用户感知应用代理的网络保护技术

    公开(公告)号:US08266696B2

    公开(公告)日:2012-09-11

    申请号:US11273112

    申请日:2005-11-14

    摘要: Techniques for responding to intrusions on a packet switched network include receiving user data at a subscriber-aware gateway server between a network access server and a content server. The user data includes subscriber identifier data that indicates a unique identifier for a particular user, network address data that indicates a network address for a host used by the particular user, NAS data that indicates an identifier for the network access server, flow list data that indicates one or more open data packet flows, and suspicious activity data. The suspicious activity data indicates a value for a property of the open data packet flows that indicates suspicious activity. It is determined whether an intrusion condition is satisfied based on the suspicious activity data. If the intrusion condition is satisfied, then the gateway responds based at least in part on user data other than the network address data.

    摘要翻译: 用于响应分组交换网络上的入侵的技术包括在网络接入服务器和内容服务器之间的用户感知网关服务器处接收用户数据。 用户数据包括指示特定用户的唯一标识符的用户标识符数据,指示特定用户使用的主机的网络地址的网络地址数据,指示网络接入服务器的标识符的NAS数据, 指示一个或多个打开的数据分组流和可疑活动数据。 可疑活动数据表示指示可疑活动的开放数据分组流的属性的值。 基于可疑活动数据确定是否满足入侵条件。 如果入侵条件满足,则网关至少部分地基于除了网络地址数据之外的用户数据进行响应。

    Parsing out of order data packets at a content gateway of a network
    7.
    发明授权
    Parsing out of order data packets at a content gateway of a network 有权
    在网络的内容网关处解析出不合适的数据包

    公开(公告)号:US08194675B2

    公开(公告)日:2012-06-05

    申请号:US12725336

    申请日:2010-03-16

    IPC分类号: H04L12/28

    摘要: In one embodiment, a method includes receiving, at a local node of a network, a sequenced data packet of a flow made up of multiple sequenced data packets from a source node directed toward a destination node. The flow is to be parsed by the local node to describe the flow for administration of the network. Based on sequence data in the sequenced data packet, it is determined whether the sequenced data packet is out of order in the flow. If it is determined that the sequenced data packet is out of order, then the sequenced data packet is forwarded toward the destination node before parsing the sequenced data packet. The out of order sequenced data packet is also stored for subsequent parsing at the local node.

    摘要翻译: 在一个实施例中,一种方法包括在网络的本地节点处接收由来自指向目的地节点的源节点的多个排序数据分组组成的流的排序数据分组。 该流程将由本地节点进行解析,以描述网络管理流程。 基于顺序数据包中的序列数据,确定顺序数据包是否在流程中是无序的。 如果确定排序的数据分组是无序的,则在分析排序的数据分组之前,将排序的数据分组转发到目的地节点。 无序排序数据包也存储在本地节点的后续解析中。

    TECHNIQUES FOR NETWORK PROTECTION BASED ON SUBSCRIBER-AWARE APPLICATION PROXIES
    8.
    发明申请
    TECHNIQUES FOR NETWORK PROTECTION BASED ON SUBSCRIBER-AWARE APPLICATION PROXIES 有权
    基于订户应用程序代码的网络保护技术

    公开(公告)号:US20120137366A1

    公开(公告)日:2012-05-31

    申请号:US13369498

    申请日:2012-02-09

    IPC分类号: G06F21/00

    摘要: Techniques for responding to intrusions on a packet switched network include receiving user data at a subscriber-aware gateway server between a network access server and a content server. The user data includes subscriber identifier data that indicates a unique identifier for a particular user, network address data that indicates a network address for a host used by the particular user, NAS data that indicates an identifier for the network access server, flow list data that indicates one or more open data packet flows, and suspicious activity data. The suspicious activity data indicates a value for a property of the open data packet flows that indicates suspicious activity. It is determined whether an intrusion condition is satisfied based on the suspicious activity data. If the intrusion condition is satisfied, then the gateway responds based at least in part on user data other than the network address data.

    摘要翻译: 用于响应分组交换网络上的入侵的技术包括在网络接入服务器和内容服务器之间的用户感知网关服务器处接收用户数据。 用户数据包括指示特定用户的唯一标识符的用户标识符数据,指示特定用户使用的主机的网络地址的网络地址数据,指示网络接入服务器的标识符的NAS数据, 指示一个或多个打开的数据分组流和可疑活动数据。 可疑活动数据表示指示可疑活动的开放数据分组流的属性的值。 基于可疑活动数据确定是否满足入侵条件。 如果入侵条件满足,则网关至少部分地基于除了网络地址数据之外的用户数据进行响应。

    PARSING OUT OF ORDER DATA PACKETS AT A CONTENT GATEWAY OF A NETWORK
    9.
    发明申请
    PARSING OUT OF ORDER DATA PACKETS AT A CONTENT GATEWAY OF A NETWORK 有权
    在网络的内容网关中排除订单数据包

    公开(公告)号:US20100172356A1

    公开(公告)日:2010-07-08

    申请号:US12725336

    申请日:2010-03-16

    IPC分类号: H04L12/56

    摘要: In one embodiment, a method includes receiving, at a local node of a network, a sequenced data packet of a flow made up of multiple sequenced data packets from a source node directed toward a destination node. The flow is to be parsed by the local node to describe the flow for administration of the network. Based on sequence data in the sequenced data packet, it is determined whether the sequenced data packet is out of order in the flow. If it is determined that the sequenced data packet is out of order, then the sequenced data packet is forwarded toward the destination node before parsing the sequenced data packet. The out of order sequenced data packet is also stored for subsequent parsing at the local node.

    摘要翻译: 在一个实施例中,一种方法包括在网络的本地节点处接收由来自指向目的地节点的源节点的多个排序数据分组组成的流的排序数据分组。 该流程将由本地节点进行解析,以描述网络管理流程。 基于顺序数据包中的序列数据,确定顺序数据包是否在流程中是无序的。 如果确定排序的数据分组是无序的,则在分析排序的数据分组之前,将排序的数据分组转发到目的地节点。 无序排序数据包也存储在本地节点的后续解析中。

    System and method for server farm resource allocation
    10.
    发明授权
    System and method for server farm resource allocation 有权
    服务器场资源分配的系统和方法

    公开(公告)号:US07640023B2

    公开(公告)日:2009-12-29

    申请号:US11417960

    申请日:2006-05-03

    IPC分类号: H04W72/00

    摘要: Techniques and systems for server farm load balancing and resource allocation are disclosed. In one embodiment, a method of load balancing can include: arranging servers into service groups; receiving an access request with information related to a differentiation between the service groups; selecting one of the service groups based on a mapping comparison to the information; and selecting one of the servers within the selected service group based on a hardware utilization comparison. The servers can include GPRS (General Packet Radio Service) Gateway Support Node (GGSN) or Remote Authentication Dial In User Service (RADIUS) servers, for example. The information can include an Access Point Name (APN) or Calling Station ID, for example.

    摘要翻译: 披露了用于服务器场负载平衡和资源分配的技术和系统。 在一个实施例中,负载平衡的方法可以包括:将服务器排列成服务组; 接收具有与服务组之间的区别相关的信息的访问请求; 基于与信息的映射比较来选择服务组之一; 以及基于硬件利用率比较来选择所选服务组内的一个服务器。 服务器可以包括例如GPRS(通用分组无线电业务)网关支持节点(GGSN)或远程认证拨入用户服务(RADIUS)服务器。 该信息可以包括例如接入点名称(APN)或呼叫站ID。